A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.
In this issue — January 12, 2017
• 49% of businesses fell victim to cyber ransom attacks in 2016
• Lax Security at Washington Navy Yard Persisted Years After Shooting
• How hackers made life hell for a CIA boss and other top US officials
• Report: U.S. Reacting at Analog Pace to a Rising Digital Risk
• Deal Brokered in Nuclear Spy Case Involving China
• Intel Report: Putin Led Cyber Op to Help Elect Trump, Discredit Clinton
• Trump Picks Former Senator Coats as DNI
• Foreign Nation Said to Cause Massive Healthcare Breach
• U.S. Intelligence IDs China’s Hacking Hotel
• Russian Hackers Suspected of Attacking War Monitor
49% of businesses fell victim to cyber ransom attacks in 2016 (Tech Republic, 1/10/17)
Nearly half of businesses report that they were the subject of a cyber-ransom campaign in 2016, according to Radware’s Global Application and Network Security Report 2016-2017. Data loss topped the list of IT professionals’ cyber attack concerns, the report found, with 27% of tech leaders reporting this as their greatest worry. It was followed by service outage (19%), reputation loss (16%), and customer or partner loss (9%).
Ransomware attacks in particular continue to increase rapidly: 41% of respondents reported that ransom was the top motivator behind the cyber attacks they experienced in 2016. Meanwhile, 27% of respondents cited insider threats, 26% said political hacktivism, and 26% said competition.
Lax Security at Washington Navy Yard Persisted Years After Shooting (Navy Times, 1/9/17)
Two years after a gunman killed 12 people at the Washington Navy Yard headquarters of Naval Sea Systems Command, an internal Navy audit of security measures at the same building found stunning security lapses and concluded that the Navy had skimped on recommended safety measures to save money. The findings reveal a bewildering array of shortfalls, including unqualified civilian-contract security guards and a failure to properly mitigate both insider and terror threats.
The NAVSEA building’s security was so lax that guards allowed one undercover investigator to enter the building without being challenged, according to a recently published report. The report found that the guards lacked basic knowledge of Navy security procedures, including the proper configuration of their weapons or when they were authorized to use them.
How hackers made life hell for a CIA boss and other top US officials (ArsTechnica, 1/9/17)
A North Carolina man has pleaded guilty to a conspiracy that illegally accessed the e-mail and social media accounts of Central Intelligence Director John Brennan and other senior government officials and then used that access to leak sensitive information and make personal threats.
Justin Gray Liverman, 24, of Morehead City, North Carolina, pleaded guilty to conspiracy to violate the Computer Fraud and Abuse Act, commit identity theft, and make harassing, anonymous phone calls, federal prosecutors said Friday. Among the 10 people targeted in the conspiracy were Brennan; then-Deputy FBI Director Mark Giuliano; National Intelligence Director James R. Clapper; Greg Mecher, the husband of White House Communication Director Jen Psaki; and other government officials. The group called itself Crackas with Attitude, and it was led by a co-conspirator going by the name of Cracka.
Report: U.S. Reacting at Analog Pace to a Rising Digital Risk (NYT, 1/7/17)
Of the many questions left unanswered by intelligence agencies’ accusation that Russia’s president, Vladimir V. Putin, led a multilayered campaign to influence the 2016 presidential election, one stands out: Why did it take the Obama administration more than 16 months to develop a response? The short answer, suggested by the report, is that the U.S. government is still responding at an analog pace to a low-grade, though escalating, digital conflict.
The report, compiled by the FBI, the CIA, and the NSA, makes no judgments about the decisions that the agencies or the White House made as evidence of Russian activity mounted. But to anyone who reads between the lines and knows a bit of the back story not included in the report, the long lag times between detection and reaction are stunning.
Deal Brokered in Nuclear Spy Case Involving China (Knoxville News-Sentinel, 1/6/17)
An engineer working as an operative for the Chinese government in a bid to use American know-how to beef up China’s nuclear program has pleaded guilty in the first-of-its-kind prosecution in the nation. Szuhsiung “Allen” Ho confessed last week in U.S. District Court in the nation’s first case of nuclear espionage involving China.
In a plea deal, Ho is being allowed to plead guilty to a lesser charge and will be sentenced under a terrorism statute dubbed the Freedom Act of 2015. The maximum sentence is 20 years. To keep that deal, Ho must tell the government everything he knows about China and its nuclear program. Ho’s plea is considered key to gathering intelligence on the inner workings of China’s nuclear program.
Cyber Security Isn’t Rocket Science. It’s People Science
Technology may be one aspect of cyber security, but the real challenge is managing the human element. It’s your people who are the first and best line of defense. Today there are more threats, more vulnerabilities, more portable storage devices, and there’s increased mobility. That means educating employees about cyber security is more difficult, demanding and necessary than ever before.
So, how do you make sure that your company’s information assets are protected? The first line of defense is employee awareness – the critical “humanware” component of your cyber security armor. NSI’s SECURITYsense awareness program gives employees the tools and information they need to make security second nature. Find out how this valuable resource can help protect your hard-earned reputation and ensure that your employees are part of the solution and not part of the problem. For more information, see https://www.nsi.org/securitysense/what-is-securitysense.shtml
Intel Report: Putin Led Cyber Op to Help Elect Trump, Discredit Clinton (DC Free Beacon, 1/6/17)
The CIA, FBI, and NSA concluded in a report made public last week that Russian President Vladimir Putin directed a covert intelligence campaign to boost the election of Donald Trump while seeking to discredit Hillary Clinton. The 23-page unclassified report is part of a longer secret study into a wide-ranging cyber and disinformation campaign similar to the activities during the Cold War of the Soviet KGB intelligence service.
“We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the U.S. presidential election,” the report said. “Russia’s goals were to undermine public faith in the U.S. democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
Trump Picks Former Senator Coats as DNI (AP, 1/6/17)
President-elect Donald Trump has selected former Indiana Sen. Dan Coats to lead the Office of the Director of National Intelligence, a role that would thrust him into the center of the intelligence community that Trump has publicly challenged.
Coats served as a member of the Senate Intelligence Committee before retiring from Congress last year. If confirmed by the Senate, he would oversee the umbrella office created after 9/11 to improve coordination of U.S. spy and law enforcement agencies.
Foreign Nation Said to Cause Massive Healthcare Breach (Lake County News, 1/6/17)
The California Department of Insurance last week released findings concerning the cybersecurity breach of health insurance giant Anthem Inc., which compromised 78.8 million consumers’ records. Anthem agreed to make a number of enhancements to its information security systems, and also agreed to provide credit protection to all consumers whose information was compromised. Anthem is paying out more than $260 million.
“This was one of the largest cyber hacks of an insurance company’s customer data,” said California Insurance Commissioner Dave Jones. “Our examination team concluded with a significant degree of confidence that the cyber-attacker was acting on behalf of a foreign government. … The United States government needs to take steps to prevent and hold foreign governments and other foreign actors accountable for cyberattacks.”
U.S. Intelligence IDs China’s Hacking Hotel (Washington Times, 1/4/17)
U.S. military intelligence has identified a headquarters for a Chinese military hacking unit — inside two Beijing hotels. According to an open-source intelligence report produced by the Army’s Asian Studies Detachment, “the Headquarters/Jintang and Seasons Hotel appear to be located in the same or at least adjacent buildings, both of which are, according to available information, owned by or connected to the People’s Liberation Army 4th Department.”
The Fourth Department, known as 4PLA, until recently was part of the military’s General Staff Department and is also known as the Electronic Countermeasures and Radar Department. The role of the department is to conduct offensive electronic warfare and information warfare, including offensive cyberattacks. Electronic and information warfare are among China’s most secret operations, and the location of the headquarters at the hotels appears to be following the strategic dictum of hiding in plain sight.
Russian Hackers Suspected of Attacking War Monitor (Info Security, 1/3/17)
International war monitor the Organization for Security and Co-operation in Europe (OSCE) last week revealed it has been on the receiving end of a “major” cyberattack. The 57-member state body – which also monitors elections, and plays a role in arms control and cybersecurity – said it first became aware of a “major information security incident” in November.
The attack apparently compromised the confidentiality of its IT network and put its integrity at risk. An OSCE spokeswoman said “the way in which the attacker accessed the OSCE was identified, as have some of the external communication destinations.” There are rumors, emanating from a Western intelligence agency, that the notorious Russian hacking group APT28 is behind the attack.